package com.scedu.config;

import com.scedu.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
//在启动类上添加开启方法级的授权注解
@EnableGlobalMethodSecurity(securedEnabled =true )
//SpringSecurity配置类
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//    1、配置用户来源
    @Autowired
    UserService userService;
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        /*
        <!--设置Spring Security认证用户信息的来源-->
        <security:authentication-manager>
            <security:authentication-provider>
                <security:user-service>
                    <security:user name="user" password="{noop}user"
                    authorities="ROLE_USER" />
                    <security:user name="admin" password="{noop}admin"
                    authorities="ROLE_ADMIN" />
                </security:user-service>
            </security:authentication-provider>
        </security:authentication-manager>
         */
//        auth.inMemoryAuthentication()
//                .withUser("user")
//                .password("{noop}123")
//                .roles("USER"); //注意这里不要加前缀
        auth.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());
    }

    protected void configure(HttpSecurity http) throws Exception {
        //请求授权的规则
        //4、释放静态资源
        http.authorizeRequests()
                .antMatchers( "/failer","/loginPage","/login", "/css/**", "/img/**",
                        "/plugins/**").permitAll();

        //5、配置资源访问所需的角色
        // <!--使用spring的el表达式来指定项目所有资源访问都必须有ROLE_USER或ROLE_ADMIN角色-->
        //<security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/>
        http.authorizeRequests()
                .antMatchers("/**").hasAnyRole("USER")
                .anyRequest()
                .authenticated();

       //1、配置认证信息
        /*
         <!--                1、配置认证信息
         login-page 登录地址
         login-processing-url 处理器地址
         default-target-url 默认跳转路径
         authentication-failure-url 认证失败url
         -->
        <security:form-login login-page="/login.jsp"
                             login-processing-url="/login"
                             default-target-url="/index.jsp"
                             authentication-failure-url="/failer.jsp" />
         */
        http.formLogin()
                .loginPage("/loginPage")
                .loginProcessingUrl("/login")
                .successForwardUrl("/index")
                .failureForwardUrl("/failer")
                .permitAll();

        //2、配置退出登录信息
        /*
<!--        2、配置退出登录信息
              logout-url 退出登录地址
              logout-success-url 退出成功后跳转地址
-->
        <security:logout logout-url="/logout"
                         logout-success-url="/login.jsp" />
         */
        http.logout()
                .logoutUrl("/logout")
                .invalidateHttpSession(true)
                .logoutSuccessUrl("/loginPage")
                .permitAll();

        //3、让认证页面可以匿名访问
        /*
        <!--        3、让认证页面可以匿名访问-->
        <security:intercept-url pattern="/login.jsp" access="permitAll()" />
         */
        http.formLogin()
                .loginPage("/loginPage")
                .permitAll();
        //6、关闭防止csrf功能 解决注销退出报错
        http.csrf()
                .disable();


    }
}
